Security News

Despite increasing cyberattacks targeting data in the cloud, 83% of businesses are still failing to encrypt half of the sensitive data they store in the cloud, raising even greater concerns as to the impact cyber criminals can have. 40% of organizations have experienced a cloud-based data breach in the past 12 months, according to a study conducted by 451 Research.

The BlackShadow hacking group attacked the Israeli hosting provider Cyberserve to steal client databases and disrupt the company's services. Cyberserve is an Israeli web development firm and hosting company used by various organizations, including local radio stations, museums, and educational institutions.

The Centre for Computing History in Cambridge, England, has apologised for an "Embarrassing" breach in its online customer datafile, though thankfully no payment card information was exposed. "We take security and your data extremely seriously, but sadly no online system can claim to be 100 per cent secure and we have been caught out. However, we have immediately made updates to our security system and blocked the way in which the data was accessed," Fitzpatrick added.

A highly sophisticated adversary named LightBasin has been identified as behind a string of attacks targeting the telecom sector with the goal of collecting "Highly specific information" from mobile communication infrastructure, such as subscriber information and call metadata. Known to be active as far back as 2016, LightBasin is believed to have compromised 13 telecommunication companies across the world since 2019 by leveraging custom tools and their extensive knowledge of telecommunications protocols for scything through organizations' defenses.

"The Harvester group uses both custom malware and publicly available tools in its attacks, which began in June 2021, with the most recent activity seen in October 2021. Sectors targeted include telecommunications, government, and information technology," Symantec researchers said. "The capabilities of the tools, their custom development, and the victims targeted, all suggest that Harvester is a nation-state-backed actor."

Global IT consultancy giant Accenture confirmed that LockBit ransomware operators stole data from its systems during an attack that hit the company's systems in August 2021. "In the past, we have experienced, and in the future, we may again experience, data security incidents resulting from unauthorized access to our and our service providers' systems and unauthorized acquisition of our data and our clients' data including: inadvertent disclosure, misconfiguration of systems, phishing ransomware or malware attacks," Accenture said.

Thingiverse, a site that hosts free-to-use 3D printer designs, has suffered a data breach - and at least 228,000 unlucky users' email addresses have been circulating on black-hat crime forums. News of the breach came from Have I Been Pwned, whose maintainer Troy Hunt uploaded the 228,000 breached email addresses to the site after being tipped off to their circulation on the forums.

Taiwanese computer giant Acer has confirmed that its after-sales service systems in India were recently breached in what the company called "An isolated attack." "Upon detection, we immediately initiated our security protocols and conducted a full scan of our systems. We are notifying all potentially affected customers in India," an Acer Corporate Communications spokesperson told BleepingComputer.

Twitch says that no login credentials and credit card numbers belonging to users or streamers were exposed following yesterday's massive data leak. The company added that the attackers could gain access to the stolen data due to a faulty Twitch server configuration change.

Under the new Civil Cyber-Fraud Initiative that the U.S. Department of Justice announced today, government contractors are accountable in a civil court if they don't report a breach or fail to meet required cybersecurity standards. Deputy Attorney General Lisa O. Monaco said that the initiative allows the DoJ to pursue government contractors that keep silent about a breach incident or don't comply with cybersecurity standards.